KASR: A Reliable and Practical Approach to Attack Surface Reduction of Commodity OS Kernels

Conference paper in: Research in Attacks, Intrusions, and Defenses (RAID 2018)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11050)

Abstract

Commodity OS kernels have broad attack surfaces because of their large code bases and numerous features such as device drivers. For a real-world use case (e.g., an Apache server), many kernel services are unused and only a small amount of kernel code is exercised. Within the used code, a certain part is invoked only at runtime, while the rest is executed only during the startup and/or shutdown phases of the kernel's lifetime. In this paper, we propose a reliable and practical system, named KASR, which transparently reduces the attack surface of commodity OS kernels at runtime without requiring their source code. The KASR system, residing in a trusted hypervisor, achieves the attack surface reduction through a two-step approach: (1) reliably depriving unused code of executable permissions, and (2) transparently segmenting used code and selectively activating each segment. We implement a prototype of KASR on the Xen-4.8.2 hypervisor and evaluate its security effectiveness on Linux kernel-4.4.0-87-generic. Our evaluation shows that KASR reduces the kernel attack surface by 64% and trims off 40% of CVE vulnerabilities. In addition, KASR successfully detects and blocks all 6 real-world kernel rootkits tested. We measure its performance overhead with three benchmark tools (i.e., SPECINT, httperf and bonnie++). The experimental results indicate that KASR imposes less than 1% performance overhead (compared to an unmodified Xen hypervisor) on all the benchmarks.



Author information

Corresponding author: Zhi Zhang.


Copyright information

© 2018 Springer Nature Switzerland AG


Cite this paper

Zhang, Z., Cheng, Y., Nepal, S., Liu, D., Shen, Q., Rabhi, F. (2018). KASR: A Reliable and Practical Approach to Attack Surface Reduction of Commodity OS Kernels. In: Bailey, M., Holz, T., Stamatogiannakis, M., Ioannidis, S. (eds) Research in Attacks, Intrusions, and Defenses. RAID 2018. Lecture Notes in Computer Science, vol 11050. Springer, Cham. https://doi.org/10.1007/978-3-030-00470-5_32

  • DOI: https://doi.org/10.1007/978-3-030-00470-5_32

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-00469-9

  • Online ISBN: 978-3-030-00470-5